WO2014164653A1 - Systems and methods for providing security via interactive media - Google Patents

Systems and methods for providing security via interactive media Download PDF

Info

Publication number
WO2014164653A1
WO2014164653A1 PCT/US2014/023122 US2014023122W WO2014164653A1 WO 2014164653 A1 WO2014164653 A1 WO 2014164653A1 US 2014023122 W US2014023122 W US 2014023122W WO 2014164653 A1 WO2014164653 A1 WO 2014164653A1
Authority
WO
WIPO (PCT)
Prior art keywords
game
user
processor
time
verification challenge
Prior art date
Application number
PCT/US2014/023122
Other languages
English (en)
French (fr)
Inventor
Shreedhar NATARAJAN
Jaisree Moorthy
Original Assignee
Ganalila, Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ganalila, Llc filed Critical Ganalila, Llc
Priority to JP2016501155A priority Critical patent/JP6634193B2/ja
Priority to US14/775,378 priority patent/US10097550B2/en
Priority to KR1020217007444A priority patent/KR102337335B1/ko
Priority to KR1020157027850A priority patent/KR102228714B1/ko
Priority to AU2014249163A priority patent/AU2014249163A1/en
Priority to CA2908547A priority patent/CA2908547C/en
Publication of WO2014164653A1 publication Critical patent/WO2014164653A1/en
Priority to US16/128,751 priority patent/US10893047B2/en
Priority to AU2020200650A priority patent/AU2020200650B2/en
Priority to US17/103,387 priority patent/US11695771B2/en
Priority to AU2021254670A priority patent/AU2021254670C1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/50Controlling the output signals based on the game progress
    • A63F13/53Controlling the output signals based on the game progress involving additional visual information provided to the game scene, e.g. by overlay to simulate a head-up display [HUD] or displaying a laser sight in a shooting game
    • A63F13/537Controlling the output signals based on the game progress involving additional visual information provided to the game scene, e.g. by overlay to simulate a head-up display [HUD] or displaying a laser sight in a shooting game using indicators, e.g. showing the condition of a game character on screen
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Definitions

  • Illustrative methods of subverting security measures may involve using one or more computing systems, such as a bot, a botnet, and/or the like, to generate an attack. Such methods can be particularly useful in using automated techniques to guess passwords.
  • Previous attempts to prevent such automated techniques have resulted in security measures that use challenge-response testing to determine whether an entity requesting access to an account is a human or a computing system.
  • Such challenge-response testing generally requires an entity to enter characters from a distorted image to verify that the entity is a human user. For a time, the challenge-response testing was successful in verifying an entity was human.
  • advances in computing technology have made such challenge- response testing less effective.
  • Other illustrative methods of subverting security measures may include unauthorized users posing as authorized users to gain access to a secured resource.
  • the unauthorized user may have information pertinent to an authorized user that is used to "trick" the security measures into allowing the unauthorized user access to the secured resource.
  • Current methods include requiring an authorized user to provide additional security information when setting up an account, such as, for example, a mother's maiden name, a name of a dog, an old address, and/or the like. However, such information is easily obtainable by unauthorized users.
  • a system may include a processor and a non-transitory, processor-readable storage medium.
  • the non-transitory, processor-readable storage medium may include one or more programming instructions that, when executed, cause the processor to receive a request to access a secured resource, provide a verification challenge to a user via a user interface, receive at least one input from the user in response to the verification challenge, and determine that the at least one input corresponds to at least one parameter indicative of a human user.
  • the verification challenge may include a game.
  • a system may include a processor and a non-transitory, processor-readable storage medium.
  • the non-transitory, processor-readable storage medium may include one or more programming instructions that, when executed, cause the processor to receive a request to access a secured resource, provide a verification challenge to a user via a user interface, receive at least one input from the user in response to the verification challenge, and determine that the at least one input does not correspond to at least one parameter indicative of a human user.
  • the verification challenge may include a game.
  • a method may include receiving, by a processor, a request to access a secured resource, providing, by the processor, a verification challenge to a user via a user interface, receiving, by the processor, at least one input from the user in response to the verification challenge, and determining, by the processor, that the at least one input corresponds to at least one parameter indicative of a human user.
  • the verification challenge may include a game.
  • a method may include receiving, by a processor, a request to access a secured resource, providing, by the processor, a verification challenge to a user via a user interface, receiving, by the processor, at least one input from the user in response to the verification challenge, and determining, by the processor, that the at least one input does not correspond to at least one parameter indicative of a human user.
  • the verification challenge may include a game.
  • a system may include a processor and a non-transitory, processor-readable storage medium.
  • the non-transitory, processor-readable storage medium may include one or more programming instructions that, when executed, cause the processor to receive a request to access a secured resource, provide a verification challenge to a user via a user interface, receive at least one input from the user in response to the verification challenge, and determine that the at least one input corresponds to at least one parameter indicative of an authorized user.
  • the verification challenge may include a game.
  • a system may include a processor and a non-transitory, processor-readable storage medium.
  • the non-transitory, processor-readable storage medium may include one or more programming instructions that, when executed, cause the processor to receive a request to access a secured resource, provide a verification challenge to a user via a user interface, receive at least one input from the user in response to the verification challenge, and determine that the at least one input does not correspond to at least one parameter indicative of an authorized user.
  • the verification challenge may include a game.
  • a method may include receiving, by a processor, a request to access a secured resource, providing, by the processor, a verification challenge to a user via a user interface, receiving, by the processor, at least one input from the user in response to the verification challenge, and determining, by the processor, that the at least one input corresponds to at least one parameter indicative of an authorized user.
  • the verification challenge may include a game.
  • a method may include receiving, by a processor, a request to access a secured resource, providing, by the processor, a verification challenge to a user via a user interface, receiving, by the processor, at least one input from the user in response to the verification challenge, and determining, by the processor, that the at least one input does not correspond to at least one parameter indicative of an authorized user.
  • the verification challenge may include a game.
  • FIG. 1 depicts a flow diagram of an illustrative method of verifying a human user according to an embodiment.
  • FIG. 2 depicts a flow diagram of a second illustrative method of verifying a human user according to an embodiment.
  • FIG. 3 depicts a flow diagram of a third illustrative method of verifying a human user according to an embodiment.
  • FIG. 4 depicts a flow diagram of a fourth illustrative method of verifying a human user according to an embodiment.
  • FIG. 5 depicts a block diagram of an illustrative networked system according to an embodiment.
  • FIG. 6 depicts a block diagram of an illustrative computing device according to an embodiment.
  • FIG. 7 depicts an illustrative verification challenge according to an embodiment.
  • FIG. 8 depicts a second illustrative verification challenge according to an embodiment.
  • FIG. 9 depicts a third illustrative verification challenge according to an embodiment.
  • FIG. 10 depicts a fourth illustrative verification challenge according to an embodiment.
  • FIG. 11 depicts a fifth illustrative verification challenge according to an embodiment.
  • FIG. 12 depicts a sixth illustrative verification challenge according to an embodiment.
  • a "user” is not limited by this disclosure, and includes one or more entities or people using of any of the components and/or elements thereof as described herein.
  • a user can be a researcher, an expert, a player, an administrator, a developer, a group of individuals, and/or the like.
  • interactions between multiple users may be various users of the same category, such as, for example, multiple players, multiple researchers, multiple experts, multiple administrators, multiple developers, multiple groups, and/or the like.
  • interactions between multiple users may be various users of differing categories, such as, for example, a player and a researcher, a player and an expert, a player and an administrator, and/or the like.
  • a “human user” refers to a user who is a human being that accesses a user interface.
  • a “non-human user” refers to any other user, particularly a machine, a computing device, or the like, that accesses a user interface, usually under the direction of a human user for malicious or non-malicious purposes.
  • the non-human user may also be referred to herein as a "bot.” Accordingly, the terms may be used interchangeably herein.
  • An "electronic device” refers to a device that includes a processor and a tangible, computer-readable memory or storage device.
  • the memory may contain programming instructions that, when executed by the processing device, cause the device to perform one or more operations according to the programming instructions.
  • Examples of electronic devices include personal computers, supercomputers, gaming systems, televisions, mobile devices, medical devices, telescopes, satellites, recording devices, automatic teller machines, kiosks, electronic locks, and/or the like.
  • a “mobile device” refers to an electronic device that is generally portable in size and nature, or is capable of being operated while in transport. Accordingly, a user may transport a mobile device with relative ease. Examples of mobile devices include pagers, cellular phones, feature phones, smartphones, personal digital assistants (PDAs), cameras, tablet computers, phone-tablet hybrid devices (“phablets”), laptop computers, netbooks, ultrabooks, global positioning satellite (GPS) navigation devices, in-dash automotive components, media players, watches, and the like.
  • PDAs personal digital assistants
  • phablets phone-tablet hybrid devices
  • laptop computers netbooks
  • ultrabooks ultrabooks
  • GPS global positioning satellite
  • a "computing device” is an electronic device, such as a computer, a processor, a memory, and/or any other component, device or system that performs one or more operations according to one or more programming instructions.
  • a "secured resource” refers to one or more objects, locations, and/or systems to which access is restricted or partially restricted by a security device and/or a security feature.
  • a secured resource may be, for example, a physical location, such as a building or a room in a building. Such a secured resource may also include a security device such as a locking mechanism on a door.
  • a secured resource may also be an outdoor location, protected by, for example, a fence with a locking gate.
  • a secured resource may also be a garage or parking area, where the security device may be, for example, a garage door or vehicle barrier.
  • a secured resource may be at least one computer and/or components thereof, at least one computer network, at least one electronic device, and/or the like where the security device may be, for example, a microprocessor and/or other electronic circuitry programmed to selectively restrict use of the secured resource.
  • a "user interface” is an interface which allows a user to interact with a computer or computer system.
  • the user interface may also be referred to as a "human interface device.”
  • a user interface may generally provide information or data to the user and/or receive information or data from the user.
  • the user interface may enable input from a user to be received by the computer and may provide output to the user from the computer. Accordingly, the user interface may allow a user to control or manipulate a computer and may allow the computer to indicate the effects of the user's control or manipulation.
  • the display of data or information on a display or a graphical user interface is a non-limiting example of providing information to a user.
  • the receiving of data through a keyboard, mouse, trackball, touchpad, pointing stick, graphics tablet, joystick, gamepad, webcam, headset, gear sticks, steering wheel, pedals, wired glove, dance pad, remote control, and accelerometer are non-limiting examples of user interface components which enable the receiving of information or data from a user.
  • Gameplay refers to a specific way in which one or more users interact with a game and includes all interaction between the one or more users and the game.
  • Gameplay can be a pattern defined through one or more game rules, a connection between a user and the game, a challenge presented to a user from the game, a method employed by a user in overcoming the challenges, a plot of the game, turn-by-turn directions in a game, a user's interaction with computer-generated characters and situations, a user's interaction with other users, and a user's connection to the game.
  • the gameplay can be interesting, therapeutic, beneficial, and/or engaging to the user, thereby increasing the likelihood that the user interacts with the game for extended periods of time, provides high-quality inputs (for example, relevant and significant inputs), and returns to play the game multiple times.
  • a "game” refers to a board game, an electronic game, a gesture-based game, a massively multiplayer online game (MMOG), a social network-based game, a complex game, and/or the like, and may further include any number of activities, exercises, and interactions.
  • the game may be created by a software developer, an administrator, or the like. In some embodiments, creation of the game may be completed by a user based upon the user' s interaction with another game.
  • While the present disclosure generally relates to games for verifying a human user, those skilled in the art will recognize that the scope of the present disclosure may additionally relate to entertainment, therapeutic exercises, learning and development exercises, medical diagnosis exercises, feedback gathering exercises, proof of human input systems, exercises for assessment and evaluation, interactive advertising, newsfeed gathering, personal content organization, and the like.
  • the data collected from activities presented herein may further be used for purposes such as data mining, information retrieval, data organization, data sorting, data indexing, analytic gathering, known problems, and scientific problems.
  • the data may be used for advertising content customization and/or recommendations systems.
  • the present disclosure relates generally to systems and methods for providing a security feature that verifies that a user requesting access to a secured resource is a human user and/or an authorized user.
  • the security feature may incorporate an interactive interface for the user to play a game.
  • the security feature only allows access to human users after the game is played under particular parameters such that a human presence at the interactive interface is verified.
  • the security feature also only allows access to authorized users by learning particular inputs and/or obtaining particular data specific to an authorized user that an unauthorized user would not be able to fake or obtain.
  • the security feature may be adaptive such that it can learn how a user thinks and/or behaves over time and adapt to the learned information.
  • the security feature after learning about a user, is capable of intelligently recognizing the user.
  • the systems and methods described herein can be used in a clinical setting, such as, for example, to ensure that a user is sufficiently cognitively aware to gain access to the secured resource.
  • a user with a cognitive impairment wishes to unlock a door, he/she may be required to correctly provide inputs in response to a verification challenge that confirm his/her cognitive awareness.
  • FIGS. 1-4 depict flow diagrams of illustrative methods of verifying a human user and/or an authorized user according to various embodiments.
  • the methods depicted in FIGS. 1-4 may be used alternatively or in conjunction with each other.
  • the method of FIG. 2 may be incorporated with the method of FIG. 4 such that the processes performed according to both figures are completed.
  • FIG. 1 depicts a flow diagram of a first illustrative method of verifying a human user and/or an authorized user according to an embodiment.
  • the method may include receiving 105 a request, such as, for example, a request to access a secured resource.
  • the request may generally come from a user, particularly a user of an electronic device.
  • the request is not limited by this disclosure, and may generally be any type of request.
  • a request may be received 105 when a user clicks on a link to a secured resource, when a user attempts to enter a password, a passcode, a PIN number, and/or the like, when a user types a web address of a secure server, when a user provides biometric data (such as a fingerprint or a retinal scan) to a secure entry interface, when a user attempts to purchase an item, when a user activates an electronic device, when a user turns an electronic device on, and/or the like.
  • biometric data such as a fingerprint or a retinal scan
  • the method may further include providing 110 a verification challenge to the user.
  • the verification challenge may generally be any challenge that verifies the user is a human user.
  • the verification challenge provides a method of determining whether a user is human or non-human, such as a bot.
  • the verification challenge may generally be any challenge that verifies the user is an authorized user.
  • the verification challenge provides a method of determining whether a user is authorized or unauthorized.
  • the verification challenge may be a game.
  • Illustrative games include, but are not limited to, a floating balloon game, a maze game, a cutting game, a puzzle game, and a memory game.
  • the verification challenge may include one or more requests that the user complete certain tasks.
  • providing 110 the verification challenge may further include stipulating that the user provide information regarding other users that is known only to the user. For example, a user may need to know an aspect of another user's gameplay, achievements, avatars, collectibles, levels, status, and/or the like in order to respond to a verification challenge. Accordingly, in instances where a hacker has obtained the user's information, he/she would not be able to access the secured resource without obtaining information regarding additional users. Illustrative verification challenges will be described in greater detail with respect to FIGS. 7-12 herein.
  • At least one input may be received 115 from the user in response to the provided 110 verification challenge.
  • the at least one input may correspond to one or more of the user's responses to the verification challenge.
  • Illustrative inputs may include keystrokes, gestures, audio inputs, video inputs, haptic inputs, and/or various touch commands, such as, for example, a swipe, a tap, a double tap, a pinch, and/or the like.
  • the input may be received 115 over a particular period of time, as described in greater detail herein.
  • the number of inputs is not limited by this disclosure, and may generally be any number that is provided by the user, particularly a number of inputs necessary to respond to the verification challenge. In some embodiments, no input may be received.
  • an input is not received within a particular period of time, it may be determined that no input has been received.
  • the period of time is not limited by this disclosure, and may generally be any period of time.
  • Illustrative periods of time may include, but are not limited to, about 30 seconds, about 1 minute, about 2 minutes, about 3 minutes, about 4 minutes, about 5 minutes, about 6 minutes, about 7 minutes, about 8 minutes, about 9 minutes, about 10 minutes or greater, or any value or range between any two of these values (including endpoints).
  • the request is treated as non-responsive and access is denied 125 to the user, as described in greater detail herein.
  • the method may further include determining 120 whether the inputs received 115 correspond to inputs expected of a human user and/or an authorized user. Such a determining step may include, for example, any one of receiving each input, determining a timing of the input, receiving inputs from one or more sensors, and/or receiving location data.
  • Determining a timing of each input may generally include observing an amount of time that elapses between when the verification challenge is provided 110 and when the input (or first input in a series of inputs) is received 115 .
  • the amount of time may generally be an expected amount of time necessary for the user to respond to the challenge. Such an expected amount of time may be developed via observation, testing, estimation, experience, and/or the like.
  • the expected amount of time may be a range of expected amounts of time.
  • the expected amount of time may be an amount of time that has been learned after observing the authorized user' s tendencies over several login attempts to determine how much time the user takes to provide the inputs.
  • the input (or first input in a series of inputs) is received from the user outside of the expected time, it may be determined that the user is non-human or unauthorized. For example, if an input is received at a time that is less than the expected time, such an input may be determined as being received from non-humans, as computers, machines, and/or the like may be capable of responding to stimuli much more quickly than a human would be able to respond. Similarly, if an input is received at a time that is greater than the expected time, such an input may be determined as being received from a non-human or an unauthorized user. In particular, computers, machines and/or the like may be capable of copying the verification challenge and attempting numerous iterations to determine how to bypass it before providing an input.
  • determining a timing of a plurality of inputs may include observing pauses and/or periods of inactivity between inputs. Such pauses and/or periods of inactivity may be indicative of a human or a non-human user, as well as an authorized or unauthorized user, depending on the type of verification challenge.
  • Receiving an input from one or more sensors may generally include receiving information gathered by a sensor and using the information to determine whether the user is a human and/or authorized.
  • the type of sensor is not limited by this disclosure, and may be any device capable of receiving stimuli.
  • Illustrative examples of sensors may include, but are not limited to, a biometric sensor, a camera, a microphone, a touch sensor, a motion sensor, an accelerometer, a barometer, an infrared sensor, and/or the like.
  • a biometric sensor may be used to determine if a user is human by obtaining a retinal scan, a fingerprint, a handprint, a body temperature reading, and/or any other type of measurement that would reasonably only come from a human, as machines, computers, and/or the like would have difficulty replicating biometrically obtained information.
  • a biometric sensor may be used to verify that the human user is an authorized human user by reading biometric markers that an unauthorized user would not be able to fake or could not reasonably know/discover.
  • a camera may be used to view the user and/or recognize a body part, such as a face, of the user to verify that the user is human and/or an authorized human.
  • a microphone may be used to receive audio inputs from a user, such as voice commands, whistling, and/or the like.
  • the biometrically obtained information may be used to determine whether the user is under duress (for example, by measuring pulse rate, eye movement, respiration rate, perspiration, and/or the like). Such a determination may be an indicator that the user is being forced to enter information against his/her own will.
  • Receiving location data may generally be obtained using one or more geolocation technologies.
  • location data may be received via a global positioning satellite (GPS) system, via a cellular telephone network system, via a wireless communication protocol system, and/or the like.
  • GPS global positioning satellite
  • Such location data may be used to verify that the user is located in an expected area.
  • a permanently-located keypad in Denver, CO would reasonably be expected to transmit geolocation coordinates that correspond to its permanent installation when it receives inputs from a user.
  • inputs are received from a bot that is located in Czechoslovakia or from a masked location, it may be recognized that a human is not attempting to access the secured resource at the keypad location in Denver.
  • determining 120 may additionally account for various known and/or learned physiological features of an authorized human user. For example, if a human user is red-green color blind and such a trait is known and/or learned, the verification challenge may provide an arrangement of red objects, green objects, white objects, and other-colored objects and request that the user select all colored objects, while knowing that the red-green color blind user will not select any of the red or green objects, but will select other-colored objects and omit the white objects. Thus, determining 120 may be based on whether any red or green objects were selected. [0047] If the determination 120 is that the user is human and/or authorized, access to the secured resource may be granted 145.
  • Denial 125 of access may generally include disallowing the user from accessing the secured resource.
  • a bona fide human user or a bona fide authorized user makes an error during the verification challenge, he/she may be allowed to attempt the verification challenge again, at which the verification challenge may be provided 110 again, and new inputs may be received 115 from the user.
  • a different verification challenge may be provided 110.
  • the same verification challenge may be provided 110.
  • the number of times a user may be provided 110 with a verification challenge without providing a correct response may be limited.
  • the number of times that a verification challenge may be provided 110 without receiving a correct response is not limited by this disclosure, and may include, for example, about 2 times, about 3 times, about 5 times, about 10 times, or any value or range between any two of these values (including endpoints).
  • the user in addition to denying 225 access to the determined 220 non-human or unauthorized user, the user may be notified 230 of the denial of access.
  • the notification 230 is not limited by this disclosure, and may generally be any notification, including, but not limited to, a text notification, an audio notification, a video notification, an alert, and/or the like.
  • the type of notification may be dependent upon the interface device used by the user to access the secured resource. For example, if the user attempts to access the secure device via a smartphone equipped with a speaker, the notification may be an audio alert, such as a chime or a ding, to notify the user of the denied 225 access.
  • the user may be provided 210 with the verification challenge again.
  • an administrator may be notified of the denial of access.
  • the administrator is not limited by this disclosure, and may be any person or entity that may benefit from such a notification 335.
  • a user or entity that controls the secured resource may be notified 335.
  • the notification 335 is not limited herein, and may be any type of notification, including, but not limited to, a text notification, an audio notification, a video notification, an alert, identification of the resource, identification of the user interface and/or the device used to access the user interface, and/or the like.
  • the notification 335 may be an email alert sent to the administrator noting the details of the denied 325 access, such as, for example, the type of verification challenge, the inputs that were received 315, various sensor data that was obtained, location data, a date and time of the denied access, and/or the like.
  • the user may be provided 310 with the verification challenge again.
  • information may be recorded 440 regarding the denial of access.
  • the information is not limited by this disclosure, and may generally be any information that is pertinent to the denial 425 of access to the secured resource.
  • Illustrative examples of information that may be recorded 440 include, but are not limited to, the type of verification challenge, the inputs that were received 415, various sensor data that was obtained, location data, a date and time of the denied access, identification of the resource, identification of the user interface and/or the device used to access the user interface, and/or the like.
  • the user may be provided 410 with the verification challenge again.
  • FIG. 5 depicts an illustrative networked system according to an embodiment.
  • the system may generally include at least one server 515 and at least one input device 505.
  • the at least one server 515 may communicate with the at least one input device 505 via any communications protocol now known or later developed.
  • the server 515 and the input device 505 may communicate via a network 500, such as, for example, the internet, an intranet, a wide area network, a personal network, and/or the like.
  • the server 515 may generally contain at least a portion of the secured resource and/or may be configured to provide access to the secured resource, as described in greater detail herein.
  • the server 515 is not limited by this disclosure, and may be any computing device and/or components thereof, such as, for example, the computing device described herein with respect to FIG. 6.
  • the input device 505 may generally be a device that receives inputs from a user, as described in greater detail herein.
  • the input device 505 may contain and/or implement a user interface to allow the user to access the secured resource.
  • the input device 505 may contain at least a portion of the secured resource in a storage device therein.
  • the input device 505 is not limited by this disclosure, and may be any electronic device and/or components thereof, including, for example, at least one sensor 510.
  • the input device 505 may be a user's personal electronic device, such as, for example, a computer, a smartphone, a tablet, and/or the like.
  • the input device 505 may be a supplemental means of providing, receiving, and/or processing the inputs received from the user.
  • the input device 505 may include an optical filter module in a touch screen interface that is configured to change a color of a displayed object that is not directed by the server 515.
  • the server 515 may request that a user click on all circles that are colored a certain way, but the input device 505 selects the actual coloring of each circle and never communicates coloring data to the server 515. Such an arrangement may prevent a malicious attacker from attempting to bypass the input device 505 to access the secured resource directly from the server 515.
  • the input device 505 may additionally be configured to provide additional information to the server 515 at the time it receives inputs from the user.
  • the input device 505 may be configured to receive information from at least one sensor 510.
  • the sensor may include, but is not limited to, a biometric sensor, a camera, a microphone, a touch sensor, a motion sensor, an accelerometer, a barometer, an infrared sensor, and/or the like, as described in greater detail herein.
  • Illustrative information may include, but is not limited to, biometric data of the user interacting with the input device 505, imaging information, sound information, touch information, pressure information, device movement information, device location, information regarding the environment in which the device is located, and/or the like.
  • the senor 510 may be configured to sense the amount of pressure the user places on the input device 505 when responding to a challenge. In some embodiments, the sensor 510 may receive information regarding a user's eye movements. In some embodiments, the sensor 510 may receive information regarding environmental parameters, such as, for example, moisture and/or smoke.
  • FIG. 6 depicts a block diagram of illustrative internal hardware that may be used to contain or implement program instructions, such as the process steps discussed herein, according to various embodiments.
  • a bus 600 may serve as the main information highway interconnecting the other illustrated components of the hardware.
  • a CPU 605 is the central processing unit of the system, performing calculations and logic operations required to execute a program.
  • the CPU 605 alone or in conjunction with one or more of the other elements disclosed in FIG. 6, is an illustrative processing device, computing device or processor as such terms are used within this disclosure.
  • Read only memory (ROM) 610 and random access memory (RAM) 615 constitute illustrative memory devices (i.e., processor- readable non-transitory storage media).
  • a controller 620 interfaces with one or more optional memory devices 625 to the system bus 600.
  • These memory devices 625 may include, for example, an external or internal DVD drive, a CD ROM drive, a hard drive, flash memory, a USB drive, or the like. As indicated previously, these various drives and controllers are optional devices.
  • Program instructions, software, or interactive modules for providing the interface and performing any querying or analysis associated with one or more data sets may be stored in the ROM 610 and/or the RAM 615.
  • the program instructions may be stored on a tangible computer-readable medium such as a compact disk, a digital disk, flash memory, a memory card, a USB drive, an optical disc storage medium, such as a Blu-rayTM disc, and/or other non-transitory storage media.
  • An optional display interface 630 may permit information from the bus 300 to be displayed on the display 635 in audio, visual, graphic, or alphanumeric format, such as the interface previously described herein. Communication with external devices, such as a print device, may occur using various communication ports 640.
  • An illustrative communication port 640 may be attached to a communications network, such as the Internet, an intranet, or the like.
  • the hardware may also include an interface 645 which allows for receipt of data from input devices such as a keyboard 650 or other input device 655 such as a mouse, a joystick, a touch screen, a remote control, a pointing device, a video input device and/or an audio input device.
  • the hardware may also include a storage device 660 such as, for example, a connected storage device, a server, and an offsite remote storage device.
  • Illustrative offsite remote storage devices may include hard disk drives, optical drives, tape drives, cloud storage drives, and/or the like.
  • the storage device 660 may be configured to store data as described herein, which may optionally be stored on a database 665.
  • the database 665 may be configured to store information in such a manner that it can be indexed and searched, as described herein.
  • FIG. 6 The computing device of FIG. 6 and/or components thereof may be used to carry out the various processes as described herein.
  • FIGS. 7-12 depict illustrative user interfaces according to various embodiments.
  • the various user interfaces described herein are not limited by this disclosure and may be provided on any type of device.
  • Illustrative examples include a computing device, an electronic device, a mobile device, and a physical installation, such as a freestanding PIN pad or the like.
  • a user may interact with the user interface by using an interface device such as a keyboard, a mouse, a touch screen, and/or the like, or by interacting with physical elements.
  • the user interface may generally display information for the user in a manner that allows the user to visualize and/or manipulate the information.
  • the user interface may provide a game, monitor the user's inputs in following instructions, attempting the game, and/or completing the game, and/or store the inputs such that a user's tendencies can be learned.
  • FIG. 7 depicts an illustrative user interface, generally designated 700, according to an embodiment.
  • the user interface 700 may generally be configured to provide a command area 705 containing instructions for the user to follow and/or a response area 710 for receiving inputs from the user in response to the instructions provided in the command area.
  • the command area 705 may be provided at substantially the same time as the response area 710.
  • the command area 705 may be provided prior to the response area 710. Accordingly, the user may be required to remember the instructions in the command area 705 before providing a response, thereby providing an additional layer of protection against unauthorized users.
  • the response area 710 may be a maze.
  • the user may generally be required to trace a path from a start portion to and end portion of the maze to verify that he/she is a human user to access the secured resource.
  • each path in the maze taken by the user may be unique and may be known to the user before traversing the maze and/or traversed in a particular amount of time.
  • the maze may include one or more signposts or the like that may be traversed in a particular order that is unique to the user.
  • FIG. 8 depicts an illustrative user interface, generally designated 800, according to an embodiment.
  • the user interface 800 may generally provide a command area 805 containing instructions for the user to follow and/or a response area 810 for receiving inputs from the user in response to the instructions provided in the command area.
  • the command area 805 may be provided at substantially the same time as the response area 810.
  • the command area 805 may be provided prior to the response area 810. Accordingly, the user may be required to remember the instructions in the command area 805 before providing a response, thereby providing an additional layer of protection against unauthorized users.
  • the response area 810 may contain a plurality of objects, such as, for example, balloons.
  • Each object may be in a fixed location or may move around the user interface. In some embodiments, the location of each object may be random. Each object may contain, for example, a character such as a number, a letter, a symbol, and/or the like. In such a response area 810, the user may generally be required to complete a task to "input" a particular character. In some embodiments, the user may enter a specific sequence of characters such as a PIN number by tapping and/or clicking on the object that corresponds to the specific sequence. In particular embodiments where the object is moving, the user may tap and/or click in varying locations depending on the location of the object containing the character he/she wishes to select.
  • Such embodiments may discourage bots, which may not be able to track the movement of each object and/or select an appropriate sequence of characters.
  • it may be difficult for a shoulder-surfing person to obtain the PIN code because of the random placement and/or movement of the objects.
  • FIG. 9 depicts an illustrative user interface, generally designated 900, according to an embodiment.
  • the user interface 900 may generally provide a command area 905 containing instructions for the user to follow, a first response area 910, and/or a second response area 915.
  • a user may generally provide one or more inputs in response to the command in at least one of the first response area 910 and the second response area 915.
  • the command area 905 may be provided at substantially the same time as at least one of the first response area 910 and the second response area 915. In other embodiments, the command area 905 may be provided prior to at least one of the first response area 910 and the second response area 915.
  • the user may be required to remember the instructions in the command area 905 before providing a response, thereby providing an additional layer of protection against unauthorized users.
  • the first response area 910 may contain a plurality of objects, such as, for example, balloons. Each object may be in a fixed location or may move around the user interface. In some embodiments, the location of each object may be random. Each object may contain, for example, a character such as a number, a letter, a symbol, and/or the like. In the first response area 910, the user may generally be required to complete a task to "input" a particular character.
  • the user may enter a specific sequence of characters such as a PIN number by tapping, clicking, and/or dragging on the object that corresponds to the specific sequence to the second response area 915.
  • a specific sequence of characters such as a PIN number
  • the user may tap and/or click in varying locations depending on the location of the object containing the character he/she wishes to select. Such embodiments may discourage bots, which may not be able to track the movement of each object and/or select an appropriate sequence of characters.
  • the user may rearrange the objects in the second response area 915 after they have been moved from the first response area 910.
  • FIG. 10 depicts an illustrative user interface, generally designated 1000, according to an embodiment.
  • the user interface 1000 may generally provide a command area 1005 containing instructions for the user to follow and/or a response area 1010 for receiving inputs from the user in response to the instructions provided in the command area.
  • the command area 1005 may be provided at substantially the same time as the response area 1010.
  • the command area 1005 may be provided prior to the response area 1010. Accordingly, the user may be required to remember the instructions in the command area 1005 before providing a response, thereby providing an additional layer of protection against unauthorized users.
  • the response area 1010 may contain a plurality of objects, such as, for example, fruit.
  • the objects in the response area 1010 may vary in size and/or shape. Each object may be in a fixed location or may move around the user interface. In some embodiments, the location of each object may be random. Each object may contain, for example, a character such as a number, a letter, a symbol, and/or the like. In such a response area 1010, the user may generally be required to complete a task to "input" a particular character, such as, for example, slicing the fruit. In some embodiments, the user may enter a specific sequence of characters such as a PIN number by tapping, clicking, swiping, and/or the like on the object that corresponds to the specific sequence.
  • the user may provide an input in varying locations depending on the location of the object containing the character he/she wishes to select.
  • Such embodiments may discourage bots, which may not be able to track the movement of each object, select an appropriate sequence of characters, and/or provide the necessary "slicing" motions.
  • FIG. 11 depicts an illustrative user interface, generally designated 1100, according to an embodiment.
  • the user interface 1100 may generally provide a command area 1105 containing instructions for the user to follow and/or a response area 1110 for receiving inputs from the user in response to the instructions provided in the command area.
  • the command area 1105 may be provided at substantially the same time as the response area 1110.
  • the command area 1105 may be provided prior to the response area 1110.
  • the command area 1105 may randomly change each time the user attempts to access the user interface 1100. Accordingly, the user may be required to remember the instructions in the command area 1105 each time before providing a response, thereby providing an additional layer of protection against unauthorized users. As shown in FIG.
  • the response area 1110 may contain a plurality of objects, such as, for example, fruit.
  • the objects in the response area 1110 may vary in size and/or shape.
  • Each object may be in a fixed location or may move around the user interface. In some embodiments, the location of each object may be random.
  • the user may generally be required to complete a task in response to the command, such as, for example, peel and/or slice a particular piece of fruit.
  • the user may be required to recognize which piece of fruit is to be manipulated, and must provide particular inputs that mimic the tasks requested in the command area 1105.
  • the object may provide an input in varying locations depending on the location of the object he/she is requested to manipulate. Such embodiments may discourage bots, which may not be able to determine the difference between objects, track the movement of each object, select the appropriate object, and/or provide the necessary motions corresponding to the required task.
  • FIG. 12 depicts an illustrative user interface, generally designated 1200, according to an embodiment.
  • the user interface 1200 may generally provide a command area 1205 containing instructions for the user to follow and/or a response area 1210 for receiving inputs from the user in response to the instructions provided in the command area.
  • the command area 1205 may be provided at substantially the same time as the response area 1210.
  • the command area 1205 may be provided prior to the response area 1210. Accordingly, the user may be required to remember the instructions in the command area 1205 before providing a response, thereby providing an additional layer of protection against unauthorized users.
  • the response area 1210 may contain a plurality of objects.
  • Each object may be in a fixed location or may move around the user interface. In some embodiments, the location of each object may be random. Each object may contain, for example, a character such as a number, a letter, a symbol, and/or the like. In such a response area 1210, the user may generally be required to complete a task to "input" one or more characters. In some embodiments, the user may enter a specific sequence of characters such as a PIN number by tapping and/or clicking on any object that does not correspond to the specific sequence to remove the characters. In particular embodiments where the object is moving, the user may tap and/or click in varying locations depending on the location of the object containing the character he/she wishes to remove.
  • compositions, methods, and devices are described in terms of “comprising” various components or steps (interpreted as meaning “including, but not limited to”), the compositions, methods, and devices can also “consist essentially of or “consist of the various components and steps, and such terminology should be interpreted as defining essentially closed-member groups. It will be further understood by those within the art that if a specific number of an introduced claim recitation is intended, such an intent will be explicitly recited in the claim, and in the absence of such recitation no such intent is present. For example, as an aid to understanding, the following appended claims may contain usage of the introductory phrases “at least one” and “one or more” to introduce claim recitations.
  • a range includes each individual member.
  • a group having 1-3 cells refers to groups having 1, 2, or 3 cells.
  • a group having 1-5 cells refers to groups having 1, 2, 3, 4, or 5 cells, and so forth.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Multimedia (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Optics & Photonics (AREA)
  • User Interface Of Digital Computer (AREA)
  • Storage Device Security (AREA)
PCT/US2014/023122 2013-03-12 2014-03-11 Systems and methods for providing security via interactive media WO2014164653A1 (en)

Priority Applications (10)

Application Number Priority Date Filing Date Title
JP2016501155A JP6634193B2 (ja) 2013-03-12 2014-03-11 対話型媒体を介してセキュリティを提供するシステムおよび方法
US14/775,378 US10097550B2 (en) 2013-03-12 2014-03-11 Systems and methods for providing security via interactive media
KR1020217007444A KR102337335B1 (ko) 2013-03-12 2014-03-11 상호작용 매체들을 통해 보안을 제공하기 위한 시스템들 및 방법들
KR1020157027850A KR102228714B1 (ko) 2013-03-12 2014-03-11 상호작용 매체들을 통해 보안을 제공하기 위한 시스템들 및 방법들
AU2014249163A AU2014249163A1 (en) 2013-03-12 2014-03-11 Systems and methods for providing security via interactive media
CA2908547A CA2908547C (en) 2013-03-12 2014-03-11 Systems and methods for providing security via interactive media
US16/128,751 US10893047B2 (en) 2013-03-12 2018-09-12 Systems and methods for providing security via interactive media
AU2020200650A AU2020200650B2 (en) 2013-03-12 2020-01-29 Systems and methods for providing security via interactive media
US17/103,387 US11695771B2 (en) 2013-03-12 2020-11-24 Systems and methods for providing security via interactive media
AU2021254670A AU2021254670C1 (en) 2013-03-12 2021-10-25 Systems and methods for providing security via interactive media

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201361778132P 2013-03-12 2013-03-12
US61/778,132 2013-03-12

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US14/775,378 A-371-Of-International US10097550B2 (en) 2013-03-12 2014-03-11 Systems and methods for providing security via interactive media
US16/128,751 Continuation US10893047B2 (en) 2013-03-12 2018-09-12 Systems and methods for providing security via interactive media

Publications (1)

Publication Number Publication Date
WO2014164653A1 true WO2014164653A1 (en) 2014-10-09

Family

ID=51658930

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2014/023122 WO2014164653A1 (en) 2013-03-12 2014-03-11 Systems and methods for providing security via interactive media

Country Status (6)

Country Link
US (3) US10097550B2 (ja)
JP (2) JP6634193B2 (ja)
KR (2) KR102337335B1 (ja)
AU (3) AU2014249163A1 (ja)
CA (1) CA2908547C (ja)
WO (1) WO2014164653A1 (ja)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017140167A (ja) * 2016-02-09 2017-08-17 株式会社コナミデジタルエンタテインメント ゲームシステム、ゲーム制御装置、及びプログラム
US10097550B2 (en) 2013-03-12 2018-10-09 Ganalila, Llc Systems and methods for providing security via interactive media

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10565818B2 (en) 2016-09-26 2020-02-18 Everi Games, Inc. Apparatus and methods for facilitating wagering on games conducted on an independent video gaming system
CN104156655B (zh) * 2014-05-28 2017-03-08 东莞盛世科技电子实业有限公司 多义化密码校验方法及密码校验设备
US9967277B2 (en) * 2014-11-24 2018-05-08 Paypal, Inc Digital dye packs
US10082954B2 (en) * 2015-09-04 2018-09-25 International Business Machines Corporation Challenge generation for verifying users of computing devices
CN106549925A (zh) * 2015-09-23 2017-03-29 阿里巴巴集团控股有限公司 防止跨站点请求伪造的方法、装置及系统
US9977892B2 (en) 2015-12-08 2018-05-22 Google Llc Dynamically updating CAPTCHA challenges
CN108460268A (zh) * 2017-02-20 2018-08-28 阿里巴巴集团控股有限公司 验证方法及装置
US10354463B2 (en) * 2017-03-20 2019-07-16 Ademco Inc. Systems and methods for secure authentication for access control, home control, and alarm systems
US10877560B2 (en) * 2017-12-22 2020-12-29 Mastercard International Incorporated Haptic feedback for authentication and security in computer systems
US11204648B2 (en) 2018-06-12 2021-12-21 Mastercard International Incorporated Handshake to establish agreement between two parties in virtual reality
KR102010360B1 (ko) * 2018-10-08 2019-08-14 넷마블 주식회사 색각 이상 판단 장치 및 방법
KR102210389B1 (ko) * 2019-06-24 2021-02-02 넷마블 주식회사 본인 인증 방법 및 장치
CN110516430B (zh) * 2019-08-06 2021-07-09 咪咕文化科技有限公司 身份验证方法、服务端和客户端
US11328047B2 (en) * 2019-10-31 2022-05-10 Microsoft Technology Licensing, Llc. Gamified challenge to detect a non-human user
US11590929B2 (en) * 2020-05-05 2023-02-28 Nvidia Corporation Systems and methods for performing commands in a vehicle using speech and image recognition

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090319271A1 (en) * 2008-06-23 2009-12-24 John Nicholas Gross System and Method for Generating Challenge Items for CAPTCHAs
US20120167204A1 (en) * 2010-12-22 2012-06-28 Yahoo! Inc Isolation tool for user assistance in solving a captcha test
US20120323700A1 (en) * 2011-06-20 2012-12-20 Prays Nikolay Aleksandrovich Image-based captcha system

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001294605A1 (en) 2000-09-21 2002-04-02 Iq Company Method and system for asynchronous online distributed problem solving including problems in education, business finance and technology
KR100466665B1 (ko) 2001-06-12 2005-01-15 주식회사 코디소프트 게임을 이용한 자동체력평가운동방법
US7395027B2 (en) 2002-08-15 2008-07-01 Seitz Thomas R Computer-aided education systems and methods
US9280871B2 (en) 2006-07-07 2016-03-08 Emc Corporation Gaming systems with authentication token support
US20100056276A1 (en) 2006-12-22 2010-03-04 Neuroinsight Pty. Ltd. Assessment of computer games
EP2109837B1 (en) * 2007-01-23 2012-11-21 Carnegie Mellon University Controlling access to computer systems and for annotating media files
US20080233550A1 (en) 2007-01-23 2008-09-25 Advanced Fuel Research, Inc. Method and apparatus for technology-enhanced science education
US20090210937A1 (en) 2008-02-15 2009-08-20 Alexander Kraft Captcha advertising
US8224891B2 (en) 2008-06-12 2012-07-17 The Board Of Regents Of The University Of Oklahoma Electronic game-based learning system
US20100037319A1 (en) * 2008-08-08 2010-02-11 Microsoft Corporation Two stage access control for intelligent storage device
JP2010227182A (ja) * 2009-03-26 2010-10-14 Sega Corp オンラインゲームサーバ処理方法、オンラインゲームサーバ装置、オンラインゲームサーバ処理プログラム、オンラインゲームクライアント処理プログラムおよびオンラインゲームサーバ処理プログラム記録媒体
JP5222772B2 (ja) 2009-03-31 2013-06-26 株式会社コナミデジタルエンタテインメント ゲームシステム、ゲームデータの難易度修正方法及びゲームデータ難易度修正用プログラム
JP2010277182A (ja) 2009-05-26 2010-12-09 Daiwa House Industry Co Ltd 緊急地震速報対応住宅用全館放送システム
US9225531B2 (en) * 2009-06-18 2015-12-29 Visa International Service Association Automated test to tell computers and humans apart
US8458788B2 (en) * 2010-05-04 2013-06-04 Synaptics Incorporated System and method for authentication of input devices
WO2012010743A1 (en) * 2010-07-23 2012-01-26 Nokia Corporation Method and apparatus for authorizing a user or a user device based on location information
US20140317744A1 (en) * 2010-11-29 2014-10-23 Biocatch Ltd. Device, system, and method of user segmentation
US8810368B2 (en) * 2011-03-29 2014-08-19 Nokia Corporation Method and apparatus for providing biometric authentication using distributed computations
US9256874B2 (en) * 2011-04-15 2016-02-09 Shift4 Corporation Method and system for enabling merchants to share tokens
US9141779B2 (en) * 2011-05-19 2015-09-22 Microsoft Technology Licensing, Llc Usable security of online password management with sensor-based authentication
US20130145441A1 (en) * 2011-06-03 2013-06-06 Dhawal Mujumdar Captcha authentication processes and systems using visual object identification
US9146917B2 (en) * 2011-07-15 2015-09-29 International Business Machines Corporation Validating that a user is human
US9104854B2 (en) * 2011-08-17 2015-08-11 Qualcomm Incorporated Method and apparatus using a CAPTCHA having visual information related to the CAPTCHA's source
US8821272B2 (en) 2011-09-26 2014-09-02 Andrew Jack Thomas System and method of gamification of real-life events
US20130097697A1 (en) * 2011-10-14 2013-04-18 Microsoft Corporation Security Primitives Employing Hard Artificial Intelligence Problems
US20130160095A1 (en) * 2011-12-14 2013-06-20 Nokia Corporation Method and apparatus for presenting a challenge response input mechanism
US20130171594A1 (en) 2011-12-30 2013-07-04 Pepper Technology LLC Systems and methods for providing training and collaborative activities through a group-based training and evaluation platform
TWI485669B (zh) 2012-02-07 2015-05-21 Univ Nat Chiao Tung 演化學習遊戲裝置
JP6440205B2 (ja) 2012-08-02 2018-12-19 ガナリラ、エルエルシー 問題をゲーム化するためのシステムおよび方法
KR102337335B1 (ko) 2013-03-12 2021-12-10 가날리아, 엘엘씨 상호작용 매체들을 통해 보안을 제공하기 위한 시스템들 및 방법들

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090319271A1 (en) * 2008-06-23 2009-12-24 John Nicholas Gross System and Method for Generating Challenge Items for CAPTCHAs
US20120167204A1 (en) * 2010-12-22 2012-06-28 Yahoo! Inc Isolation tool for user assistance in solving a captcha test
US20120323700A1 (en) * 2011-06-20 2012-12-20 Prays Nikolay Aleksandrovich Image-based captcha system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Are You a Human. How PlayThru Stops the Bots: Demo Video.", YOUTUBE., 6 December 2012 (2012-12-06), Retrieved from the Internet <URL:http://www.youtube.com/watch?v=z35Q3TtJ-h4> [retrieved on 20140708] *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10097550B2 (en) 2013-03-12 2018-10-09 Ganalila, Llc Systems and methods for providing security via interactive media
US10893047B2 (en) 2013-03-12 2021-01-12 Ganalila, Llc Systems and methods for providing security via interactive media
US11695771B2 (en) 2013-03-12 2023-07-04 Ganalila, Llc Systems and methods for providing security via interactive media
JP2017140167A (ja) * 2016-02-09 2017-08-17 株式会社コナミデジタルエンタテインメント ゲームシステム、ゲーム制御装置、及びプログラム

Also Published As

Publication number Publication date
AU2020200650A1 (en) 2020-02-20
AU2021254670B2 (en) 2023-01-05
KR102228714B1 (ko) 2021-03-18
AU2014249163A1 (en) 2015-10-08
JP2016518644A (ja) 2016-06-23
US20190014119A1 (en) 2019-01-10
US10097550B2 (en) 2018-10-09
JP6634193B2 (ja) 2020-01-22
CA2908547A1 (en) 2014-10-09
AU2021254670C1 (en) 2023-03-23
AU2021254670A1 (en) 2021-11-18
KR20150128862A (ko) 2015-11-18
US20210084041A1 (en) 2021-03-18
JP2020053061A (ja) 2020-04-02
US20160028730A1 (en) 2016-01-28
KR20210030512A (ko) 2021-03-17
AU2020200650B2 (en) 2021-11-18
US10893047B2 (en) 2021-01-12
KR102337335B1 (ko) 2021-12-10
US11695771B2 (en) 2023-07-04
JP7045774B2 (ja) 2022-04-01
CA2908547C (en) 2021-08-24

Similar Documents

Publication Publication Date Title
AU2021254670C1 (en) Systems and methods for providing security via interactive media
US11736478B2 (en) Device, system, and method of user authentication based on user-specific characteristics of task performance
US10586036B2 (en) System, device, and method of recovery and resetting of user authentication factor
US10476873B2 (en) Device, system, and method of password-less user authentication and password-less detection of user identity
US10164985B2 (en) Device, system, and method of recovery and resetting of user authentication factor
US10037421B2 (en) Device, system, and method of three-dimensional spatial user authentication
Serwadda et al. When kids' toys breach mobile phone security
US20170185760A1 (en) Face-Controlled Liveness Verification
Khan et al. Augmented reality-based mimicry attacks on behaviour-based smartphone authentication
WO2007134433A1 (en) Security or authentication system and method using manual input measurements, such as via user manipulation of a computer mouse
Mahadi et al. A survey of machine learning techniques for behavioral-based biometric user authentication
Li et al. iCare: Automatic and user-friendly child identification on smartphones
WO2014185861A1 (en) System and method for authenticating a user
Shrestha et al. Theft-resilient mobile wallets: Transparently authenticating NFC users with tapping gesture biometrics
US7434059B2 (en) Interactive, performance based authentication
Alsaiari Graphical one-time password authentication
US20190073460A1 (en) Neurologically Based Encryption System And Method Of Use
Lee User Authentication and Security Vulnerabilities Using Smartphone Sensors and Machine Learning
CN116361646A (zh) 基于语义和行为的用户双因子认证方法及系统
Kroeze Touch Biometrics for Unobtrusive Continuous Authentication on Smartphones

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14780140

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2908547

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 14775378

Country of ref document: US

ENP Entry into the national phase

Ref document number: 2016501155

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20157027850

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2014249163

Country of ref document: AU

Date of ref document: 20140311

Kind code of ref document: A

122 Ep: pct application non-entry in european phase

Ref document number: 14780140

Country of ref document: EP

Kind code of ref document: A1